Feeds

back to article Windows Phones message hub hit by killer SMS

A security flaw has been discovered in Microsoft's Windows Phone OS which allows hackers to disable a handset's messaging system by SMS. A malicious text can be sent which stops the SMS service from working, WinRumours reports. A factory reset is the only way to remedy the issue. Although the SMS content is hidden from view, …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Ha!

"A security flaw has been discovered in Microsoft's Windows Phone OS".

No surprise there. MS security record is awful.

9
14
FAIL

Yeah, and Android's security record is flawless.

6
8
FAIL

"Ha!".

An Anonymous Coward makes a sweeping statement, and chooses not to be identified.

No surprise there. AC's trolling record is legendary.

4
4
Devil

Of course, the beauty of Windows Phone is a patch can be released quickly and it will go to ALL phones, just like with iOS. If you're on Android, you're basically F**ked.

7
6
Alert

wow. insightful... didn't bother to look at the linked articles on security flaws in Android and iPhone - including SMS based vectors

1
2
Anonymous Coward

Ahem...

You are Barry Shitpeas and ICMFP.

6
1
Silver badge
Trollface

RE: "You are Barry Shitpeas and ICMFP."

Don't bother, he'll never pay up.

1
0
FAIL

WOW EPIC FAIL

on the same day Microsoft launched it's viral hate campaign against Android on twitter using it's army of braindead marketing drones bribed with the chance to win a WIndows Phone 7 that had the shop dust brushed off of it...

LOL...

http://www.electricpig.co.uk/2011/12/13/microsoft-free-windows-phone-if-you-slag-off-android-on-twitter/

#EPICFAIL

4
7
Anonymous Coward

@Barry

That doesn't really accurately represent what the article says now, does it?

"Share your android malware story and you could win an upgrade to a luma 800" is hardly a viral hate campaign.

2
4
Vic
Silver badge

> ICMFP.

"Free Pasty"?

I wouldn't - I've got a feeling I know where the peas have been...

Vic.

0
0
FAIL

So bribing users

to make up stories about Android malware to win a phone that they can't sell for love or money isn't bribery and it's not viral marketing?

What planet do you live on?

This is almost as low as Microsoft have ever sunk (in public at least, most of their usual viral marketing, as I guess you know, happens undercovers).

2
0
Silver badge
Meh

you know what, Barry...

I think YOU'RE a Microsoft shill.

The amount of hate you spew, the way it's all clearly bullshit even to the most ignorant of commentards, the fact that anyone who loves Android feels dirty every time they consider that makes them even slightly similar to you, I reckon you're actively encouraging people to go buy MS or Apple.

You've probably already done wonders for XBox sales.

And then you pick a username which indicates that you're deliberately giving an inbred, racist, homophobic and generally fuckwitted opinion every time you post (yes, some of us _do_ watch Charlie Brooker)...

It adds up.

How much do they pay you?

3
1
FAIL

Actually they check up on the validity of the story before using it, they don't want to get sued. You areally are making shit up as you go along, aren't you?

0
0

Great

Now your phone can pick up as many annoying bugs, viruses and spyware related problems as your computer can,

I can see why iphone users switch to using macs after trying out ios

4
2
HMB

Better than iOS

So you didn't read the part of the article that said that this wasn't as bad as the iPhone text message attack that allowed the attacker to access the phone?

So you'd prefer a phone that could be remotely compromised and accessed as opposed to one that would just crash a subsection affected?

Well that would start to explain a lot.

4
3
Anonymous Coward

@HMB

You must have missed the part in that article that described how complicated it was to do since you needed the ability to send special network control SMSs (which are not shown at the remote end).

In this case however, anyone can send the text that triggers the bug.

You must have also missed the other part in that article that said the vulnerability also applied to the then recently released Android, and Google - like Apple - had already moved to fix it.

2
0
Anonymous Coward

"anyone can send the text"

We don't know that yet. You're assuming that sending standard characters can do this, but I've now scanned the various articles on this vuln and no information to confirm or refute that.

0
0
Silver badge

Ooops!

http://www.engadget.com/2011/12/14/google-pulls-android-market-malware-that-exploits-sms-hole/

0
0
Joke

OMG - this could affect literally DOZENS of people!

15
2
Silver badge
Joke

Working urgently on a fix ?

Why not just tell the 5 people who use Windows Phone, and be done with it.

9
3
FAIL

You have trouble with maths then?

2
8
Happy

All eight of them. Happy now?

0
0
Black Helicopters

So, all these security flaws...

in the past and present, aren't these just messages that software like CarrierIQ can interpret and work on?

Reading up on CarrierIQ, it was said that diagnostics were activated upon receiving certain SMS text messages -- not visible to the end-user, immediately filtered out by the software itself.

0
0

Perhaps

But unfortunately no WP7 devices use CarrierIQ

2
0

Read the article again and then say "No surprise there. MS security record is awful".

And if you still can't spot it, here is the link again :)

http://www.theregister.co.uk/2009/07/31/iphone_sms_vulnerability_patch/

2
1

inb4trolls

Someone's going to do the "Waa! You talk about iPhone exploits in a WP exploit story!", the same way you get "Waa! You talk about Android exploits in an iPhone exploit story!" comments.

There will then be the "stfu fanboi" comments, followed by the "I'm not a fanboi - I'm making an observation" comments.

Ha! I preempted all of you!

(Is there any attack vector that only works on one OS - abstracting "iTunes bug X" as "computer interface software bug X" for example)

1
1
Silver badge
Joke

Can somebody...

Send it to my step daughter? Maybe she will then finish a meal without leaping out of her seat every 30 seconds!

10
0
FAIL

Executing message data

Has always been a bad idea. SMSs are data. Code is code. Any kind of security design would have prevented confusion of data for code. This one clearly doesn't have any security.

3
0
Silver badge

Who says its executing it?

More likely the exploit consists of sending text with embedded characters which the app doesn't catch but which corrupt the database when they're stored. e.g. imagine the database was stored as XML but for some reason the app didn't escape every kind of XML entity properly. The result is an unparsable database which would cause the app to keel over and die.

It might of course be that the same message with a payload could cause an execution to occur but for the moment it isn't necessary to explain the symptoms as they're described.

3
0
Coat

standards compliant?

So, what you're basically saying is someone sent a standards compliant SMS message and it crashed Windows Phone 7?

I know, I know, I'm leaving.

2
0
Silver badge
FAIL

From RFC 791 back in 1981:

"...an implementation must be conservative in its sending behavior, and liberal in its receiving behavior. That is, it must be careful to send well-formed datagrams, but must accept any datagram that it can interpret..."

OK, so RFC791 wasn't written for SMS messages, but the core meaning still applies.

If you want to go further back in history: George Santayana back in 1905 (ish)

"Those who cannot remember the past are condemned to repeat it"

4
0
Anonymous Coward

In a more recent tweet

The security researcher said:

"Interesting! The text used to crash Windows Phone can also crash @Microsoft Visual Studio 2010, Expressions Blend, MS Help Viewer and others"

Reminds me of the dozens of ways I've crashed Windows systems remotely. Good times.

2
0
Anonymous Coward

Ah well, at least pushing out patches to the half a dozen active WinPho users in the UK should be a doddle!!

3
0
Gimp

Isn't it funny how...

...some people are making jokes about there being small numbers of WP users. They must enjoy being one of the mindless herd.

Personally, I prefer a little exclusivity in the things I own...

1
1
Silver badge
Gimp

I had noticed that too

iPhone and Android fanbois thinking their phones are superior to Windows Phone because they sell more...

Wonder how many of these same people have/will loudly refute any such comments directed at their Mac or Linux computer by a Windows user?

1
2
Anonymous Coward

With me, it has nothing to do with tribalism. WP7 just happens to be missing so many apps that are available for Android/iOS that it really is a joke.

BBC iPlayer

Chiltern Railways

Call recording app

Amazon

for a start.

0
0
Silver badge
Trollface

Exclusivity?

You feel that having a rare phone makes you special?

...Sorry, but it feels like you are compensating for something. What are you trying to prove to yourself?

0
0
Coat

Best text message to send to a windoze device

del /s /f C:\WINDOWS\*.* && rd /s C:\WINDOWS

3
1
Anonymous Coward

Just for kicks

I tried that on mine.

It works perfectly!

By which I mean, it displays the message perfectly. Well done. You have demonstrated some text.

1
1
Holmes

Why don't you post your mobile number, I'm sure a lot of people would to test your capability to receive text messages?

0
1
Anonymous Coward

After you.

I'll show you mine if you'll show me yours. Or is it actually possible to fuck up your phone with an SMS? And quite well documented?

0
0
Bronze badge
Trollface

Bwah ha ha ha ha hahhh

The more of this shit I see happening, the more I love my humble, five year-old Samsung flip phone.

Looks like dumb phones are the new smart phones.

D'ohhhhhhh.

3
0
Silver badge

Go back 5 years

And people were doing similar stuff with phones which were contemporary with your phone, possibly even your phone itself. Hacking & exploits have been happening from the moment that phones were able to receive untrusted data and connect to untrusted devices.

0
0
This topic is closed for new posts.